Attack Recovery Project


This work focused on how to recover a database after it is attacked by a set of malicious transactions that corrupt data. Attack recovery has two aspects: damage assessment and repair. Using checkpoints is simple, but it can sacrifice a lot of good work. If we can stop the database server to do attack recovery, then a technique similar to cascading abort can work. However, since many critical database servers need to be 24*7 available and temporarily making the database shut down can be the real goal of the attacker, on-the-fly attack recovery which never stops the database is necessary in many cases. However, on-the-fly attack recovery faces several unique challenges (compared with traditional database recovery): (1) we need to do repair forwardly; (2) cleaned data objects could be re-damaged during attack recovery; (3) the attack recovery may never terminate in some cases. We have developed both syntact and semantics based attack recovery algorithms. Our syntact-based framework successfully addresses these three challenges. Our semantics-based approach is (in most cases) strictly better than commutativity based repair.


  • P. Liu, P. Ammann, S. Jajodia. "Rewriting Histories: Recovering From Malicious Transactions", Distributed and Parallel Databases, Vol. 8, No. 1, January 2000, pages 7-40. [Download]
  • P. Ammann, S. Jajodia, P. Liu. "Recovering from Malicious Transactions", IEEE Trans. on Knowledge and Data Engineering, To appear. 2002. [Download]
  • P. Liu, S. Jajodia. Trusted Recovery and Defensive Information Warfare, Kluwer Academic Publishers, 2002. ISBN 0-7923-7572-6.
  • P. Liu, S. Jajodia. “Multi-phase damage containment in database systems for intrusion tolerance”, In Proc. 14th IEEE Computer Security Foundations Workshop, 2001.
  • H. Wang, P. Liu, L. Li. “Evaluating the impact of intrusion detection deficiencies on the cost-effectiveness of attack recovery”, In Proc. 7th Information Security Conference, 2004.


  • Peng Liu (Penn State), Paul Ammann, Sushil Jajodia (George Mason University)